Overview¶
Modes
The iApp supports multiple modes of operation:
Mode | Description |
---|---|
Standalone | Deployment driven by BIG-IP via GUI or API (SOAP/REST) |
F5 iWorkflow | Deployment driven by the F5’s iWorkflow product (Service Catalog/REST Proxy) |
Cisco APIC | Deployment driven by L4-7 Service Graphs via the iWorkflow Dynamic Device Package and Cisco Systems APIC Controller |
VMware NSX | Deployment driven by L4-7 Service Insertion via iWorkflow from VMware NSX |
Features
Deployment Control
- Strict Updates setting Control
- Automated Statistics Handler Creation
- Deployment mode override
- Route Domain support
- ASM/APM Policy Redeployment Control
- Preserve on-box policy (allow out-of-band policy updates)
- Enforce template policy (overwrite local changes)
- Deployment Log Level Control
L4-7 Helpers
- Statistics:
- TLS/SSL
- HTTP
- Virtual Server/Pool
- HTTP/HTTPS ADC:
- Full HTTP/L7 Policy Creation (e.g. URI/Header/etc based routing, HTTP Request Manipulation)
- X-Forwarded-For Header Insertion
- HTTP->HTTPS Redirect creation
- TLS/SSL Easy Cipher String
- L4 Security:
- L4 Firewall Policy Support
- Dynamic IP Blacklisting/IP Intelligence (BIG-IP subscription required)
- Static Blacklist Source Address List
- Static Allowed Source Address List
- HTTP/HTTPS L7 Security:
- HTTP Strict Transport Security Header Insertion
- Web Application Firewall (ASM) policy bundling and deployment from URL
- Identity and Access Management (APM) policy bundling deployment from URL
Custom Extensions
- Extensibility through custom TCL scripting
- See Custom Extensions for more info
Virtual Address Options
- Route Advertisement Control
- Advanced Option Support
- Access to any TMSH configurable attribute
Virtual Server Options
Multiple listeners:
- IPv4 & IPv6 Address and L4 Port
- Remove SSL/TLS profile(s) (Client, Server, Both)
- Destinations:
- Pools (template created and existing pools on system)
- Create additional HTTP->HTTPS Redirect
- IPv4 & IPv6 Address and L4 Port
Administrative Attributes:
- Name
- Description
L3/4 Functionality:
- IPv4 & IPv6
- Types:
- Standard
- Performance/FastL4
- Forwarding (L2/IP)
- Internal
- IP
- Network Mask
- Port
- Protocol (tcp/udp)
- L4 Protocol Profiles (Server/Client-side)
- Access to any TMSH configurable attribute via ‘create’ syntax
- SNAT
- Automap
- Pre-existing SNAT Pool
- Dynamic SNAT Pool creation
- Dynamic SNAT Pool referencing (Cisco APIC specific)
- Connection Limits
- Dynamic IP Blacklist/IP Intelligence Profiles
- Source Port Behavior
- Connection Mirroring
- Advanced Option Support
- Access to any TMSH configurable attribute
L4-7 Functionality:
iRules:
Reference pre-existing iRules (ordering preserved)
Bundled iRule support
Dynamically load from URL
- Required URLs
- Optional URLs - allow deployment to succeed if iRule does not exist on remote server
Advanced Profile Support
- Reference any pre-existing policy on the device
SSL/TLS:
Dynamically created Client-SSL profiles
- Reference pre-existing static Cert/Key
- ‘auto’ mode to dynamically link pre-existing Cert/Key pair
- Load cert/key from URL
Certificate Chain/Bundle
Cipher String
Advanced Option Support
- Access to any TMSH configurable Client-SSL profile attribute
Profiles with create syntax support:
- L4 Protocol (tcp/udp/fastL4)
- HTTP
- OneConnect
- Compression
- Request Logging
- Server-SSL
- Client-SSL
- Default/Fallback Persistence
Profiles without create syntax support:
- Pre-existing Client-SSL
- Analytics
- Security Logging
- DoS Protection
- Access Specific (APM):
- Access Profile
- Connectivity Profile
- Per-Request Profile
Pool Options
- Create multiple pools
- Advanced Option Support
- Access to any TMSH configurable attribute
- Administrative Attributes:
- Name
- Description
- Health Monitor(s) w/ Minimum # monitors
- Load Balancing Method
- Dynamic Member Update Defaults (Port)
- Members
- Addressing
- IPv4 & IPv6
- Existing Node
- Node Creation with Custom Name
- FQDN Lookup
- Port
- Connection Limit
- Ratio
- Priority Groups
- Administrative State
- Advanced Option Support
- Access to any TMSH configurable attribute
- Addressing
Health Monitors
- Multiple monitor support
- Create custom health monitors
- Advanced Option Support
- Access to any TMSH configurable attribute
- Advanced Option Support
- Reference existing health monitors
Helper Scripts
- import_template_bigip.py: Create/update iApp template
- import_cery_key.py: Create/update SSL/TLS Cert/Key on BIG-IP
- deploy_iapp_bigip.py: Deploy iApp Service on BIG-IP
- delete_iapp_bigip.py: Delete iApp Service on BIG-IP
The BIG-IP API Reference documentation contains community-contributed content. F5 does not monitor or control community code contributions. We make no guarantees or warranties regarding the available code, and it may contain errors, defects, bugs, inaccuracies, or security vulnerabilities. Your access to and use of any code available in the BIG-IP API reference guides is solely at your own risk.